Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

8282730: LdapLoginModule throw NPE from logout method after login failure #9348

Closed
wants to merge 6 commits into from

Conversation

wangweij
Copy link
Contributor

@wangweij wangweij commented Jul 1, 2022

Add null-checks in all LoginModule implementations. It's possible that an application calls logout after a login failure, where most internal variables for principals and credentials are null and removing a null from the Subject's principals and credentials sets will trigger a NullPointerException.


Progress

  • Change must be properly reviewed (1 review required, with at least 1 Reviewer)
  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue
  • Change requires a CSR request to be approved

Issues

  • JDK-8282730: LdapLoginModule throw NPE from logout method after login failure
  • JDK-8290119: LdapLoginModule throw NPE from logout method after login failure (CSR)

Reviewers

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk pull/9348/head:pull/9348
$ git checkout pull/9348

Update a local copy of the PR:
$ git checkout pull/9348
$ git pull https://git.openjdk.org/jdk pull/9348/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 9348

View PR using the GUI difftool:
$ git pr show -t 9348

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/9348.diff

@bridgekeeper
Copy link

bridgekeeper bot commented Jul 1, 2022

👋 Welcome back weijun! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

@openjdk
Copy link

openjdk bot commented Jul 1, 2022

@wangweij The following labels will be automatically applied to this pull request:

  • security
  • serviceability

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing lists. If you would like to change these labels, use the /label pull request command.

@openjdk openjdk bot added security security-dev@openjdk.org serviceability serviceability-dev@openjdk.org labels Jul 1, 2022
@wangweij
Copy link
Contributor Author

wangweij commented Jul 8, 2022

/csr

@wangweij wangweij marked this pull request as ready for review July 8, 2022 03:58
@openjdk openjdk bot added rfr Pull request is ready for review csr Pull request needs approved CSR before integration labels Jul 8, 2022
@openjdk
Copy link

openjdk bot commented Jul 8, 2022

@wangweij has indicated that a compatibility and specification (CSR) request is needed for this pull request.

@wangweij please create a CSR request for issue JDK-8282730 with the correct fix version. This pull request cannot be integrated until the CSR request is approved.

@mlbridge
Copy link

mlbridge bot commented Jul 8, 2022

Webrevs

Copy link
Member

@seanjmullan seanjmullan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A couple of minor comments so far; still reviewing.

@wangweij
Copy link
Contributor Author

wangweij commented Jul 11, 2022

New commits pushed. BTW, in the 2nd one, I reverted some {@code null} changes since it looks like "null" is used as an adjective here instead of a Java keyword. The same style appears multiple times in other places.

Copy link
Member

@seanjmullan seanjmullan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can also review the CSR when it is ready.

@wangweij
Copy link
Contributor Author

Thanks. CSR is filed at https://bugs.openjdk.org/browse/JDK-8290119. I've also written a release note at https://bugs.openjdk.org/browse/JDK-8290467. Please take a review.

@openjdk openjdk bot removed the csr Pull request needs approved CSR before integration label Aug 1, 2022
@openjdk
Copy link

openjdk bot commented Aug 1, 2022

@wangweij This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8282730: LdapLoginModule throw NPE from logout method after login failure

Reviewed-by: mullan

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 434 new commits pushed to the master branch:

  • f714ac5: 8290718: Remove ALLOCATION_SUPER_CLASS_SPEC
  • 6cbc234: 8287393: AArch64: Remove trampoline_call1
  • 57bf603: 8289948: Improve test coverage for XPath functions: Node Set Functions
  • 1df77ec: 8291060: OPEN_MAX is no longer the max limit on macOS >= 10.6 for RLIMIT_NOFILE
  • fcc1195: 8290531: Loom: Parallelize a few tests more deeply
  • 226b8e6: 8290885: java/lang/ProcessBuilder/PipelineLeaksFD.java fail: More or fewer pipes than expected
  • 464085e: 8291558: unify print_jni_name_prefix_on and print_jni_name_suffix_on on posix platforms
  • f5d1b5b: 6463708: DefaultButtonModel.setMnemonic generates ChangeEvent for no change
  • 30205bb: 8290966: G1: Record number of PLAB filled and number of direct allocations
  • 86ef7b2: 8289046: Undefined Behaviour in x86 class Assembler
  • ... and 424 more: https://git.openjdk.org/jdk/compare/88fe19c5b2d809d5b9136e1a86887a50d0eeeb55...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

@openjdk openjdk bot added the ready Pull request is ready to be integrated label Aug 1, 2022
@wangweij
Copy link
Contributor Author

wangweij commented Aug 1, 2022

/integrate

@openjdk
Copy link

openjdk bot commented Aug 1, 2022

Going to push as commit 554f44e.
Since your change was applied there have been 434 commits pushed to the master branch:

  • f714ac5: 8290718: Remove ALLOCATION_SUPER_CLASS_SPEC
  • 6cbc234: 8287393: AArch64: Remove trampoline_call1
  • 57bf603: 8289948: Improve test coverage for XPath functions: Node Set Functions
  • 1df77ec: 8291060: OPEN_MAX is no longer the max limit on macOS >= 10.6 for RLIMIT_NOFILE
  • fcc1195: 8290531: Loom: Parallelize a few tests more deeply
  • 226b8e6: 8290885: java/lang/ProcessBuilder/PipelineLeaksFD.java fail: More or fewer pipes than expected
  • 464085e: 8291558: unify print_jni_name_prefix_on and print_jni_name_suffix_on on posix platforms
  • f5d1b5b: 6463708: DefaultButtonModel.setMnemonic generates ChangeEvent for no change
  • 30205bb: 8290966: G1: Record number of PLAB filled and number of direct allocations
  • 86ef7b2: 8289046: Undefined Behaviour in x86 class Assembler
  • ... and 424 more: https://git.openjdk.org/jdk/compare/88fe19c5b2d809d5b9136e1a86887a50d0eeeb55...master

Your commit was automatically rebased without conflicts.

@openjdk openjdk bot added the integrated Pull request has been integrated label Aug 1, 2022
@openjdk openjdk bot closed this Aug 1, 2022
@openjdk openjdk bot removed the ready Pull request is ready to be integrated label Aug 1, 2022
@openjdk openjdk bot removed the rfr Pull request is ready for review label Aug 1, 2022
@openjdk
Copy link

openjdk bot commented Aug 1, 2022

@wangweij Pushed as commit 554f44e.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.

@wangweij wangweij deleted the 8282730 branch August 16, 2022 15:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
integrated Pull request has been integrated security security-dev@openjdk.org serviceability serviceability-dev@openjdk.org
Development

Successfully merging this pull request may close these issues.

2 participants